payment security

The Payment Card Industry Data Security Standard (PCI DSS) is a global data security standard that regulates how entities store, process, and transmit cardholder data (CHD) and/or sensitive authentication data (SAD). PCI DSS includes guidelines regarding components of organizations' technical and operational system that are related to such data. Cardholder Data refers to information including Primary Account Numbers (PAN), cardholder names, expiration dates, and service codes. Sensitive authentication data refers to information including "full track data (magnetic-stripe data or equivalent on a chip)," card verification codes, and PINs/PIN blocks. This standard is administered by the Payment Card Industry Security Standards Council, and its use is enforced by the major payment card brands. PCI DSS was created to improve and streamline the security controls organizations use when handling cardholder data and reduce credit card fraud. These organizations, including merchants and service providers, must prove compliance to the PCI DSS through an assessment and validation process. The payment card brands issue fines and other penalties when merchants or service providers fail to prove compliance. Validation of compliance is performed annually or quarterly with a method suited to the organization's volume of transactions:

Self-assessment questionnaire (SAQ)
Firm-specific Internal Security Assessor (ISA)
External Qualified Security Assessor (QSA)

View More On Wikipedia.org